With the following privacy notes, we would like to inform you about how we handle your personal data in detail.
A description of how we process personal data when using our website is available in our privacy policy.
Who we are
All references to ‘we’, ‘us’ or ‘the company’ in this Privacy Notice refer to the following organisation:
Virtual Identity AG
Grünwälder Straße 10-14
79098 Freiburg
Deutschland
+49 761 20758-400
https://www.virtual-identity.com
Austria
Virtual Identity GmbH
Schönbrunner Straße 213-215
A-1120 Wien
How to contact our data protection officer
The contact details of our designated data protection officer are as follows:
DataCo GmbH
Nymphenburger Str. 86
80636 München
Germany
+49 89 452459-900
Your rights
You have the following rights under the GDPR:
- right to be informed about how your data is used;
- right of access to your personal data;
- right to correction or rectification of your data;
- right to request deletion of your data;
- the right to object to the processing of your data;
- the right to data portability.
Should you wish to exercise the above rights, please send an email to the following email address:
In most cases, we will respond to any requests to exercise your rights free of charge and within one month, if not before.
Further information on your right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out in the public interest or based on our legitimate interests.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate interests for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
The objection can be made without any formalities.
Further information on your right to withdraw consent
In addition, if you have consented to the processing of your personal data, you may revoke your consent at any time. Please note, however, that the lawfulness of the data processing that took place until the revocation is not affected in this case.
Information on publication on the Internet
If personal data has been made publicly accessible and you revoke your consent, we as the responsible body are only obliged to inform other recipients. This does not affect the obligation of these recipients to delete personal data. You can take direct action against other controllers who process your personal data and request deletion. Information posted on the Internet may never be completely deleted, even if it has been deleted from the original page. In any case, the providers of the main search engines are informed of the request for deletion, so that the personal data can at least no longer appear in search queries without further ado. We would like to point out that photos and/or videos on the Internet can be accessed by anyone. Despite all technical precautions, it cannot be ruled out that such persons may continue to use the photos and/or videos or pass them on to other persons. We are not liable for third parties using the photos for other purposes, including in particular by downloading and/or copying photos.
Your right to complain
If you are unhappy with any aspect of this privacy notice, or how your personal data is being processed, please contact our data protection officer.
You also have the right of appeal to a supervisory authority. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg. You can reach this authority at:
Address:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Postal address:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
P.O. Box 10 29 32
70025 Stuttgart
Phone: +49 711/615541-0
Fax: +49 711/615541-15
E-mail address:
For Clients and interested parties
This Privacy Notice sets out how we use personal data for the following individuals:
- Our clients who are individuals, as well as representatives or contact persons of our clients who are legal entities
- Interested parties who are individuals, as well as representatives or contact persons of interested parties who are legal entities
Where we choose, or assess whether to choose, to enter a business relationship with a client or other interested party, we are the controller of any personal data that you give to us for the purpose of enabling that business relationship. This means that we are responsible for deciding how we collect, use and store information about you regarding our relationship.
Within the scope of the business relationship, we may collect the following personal data about our clients or interested parties:
- Personal Identification Information: First name, last name, title
- Contact Information: Email address (business), telephone number (business), Company postal address (business)
- Payment Information:Bank account number, Credit/debit card details, billing address, tax identification numbers and business registration details, purpose and other information relating to financial transactions, maturity of receivables, amount of receivables
- Professional Information: Company name, department, industry, job title
- Photo and Video: photos (optionally, if you provide it), screenshots, video recordings of online meetings, photos or video recordings of meetings or workshops.
- Unincorporated Business Status: For sole traders or partnerships, including details of the business and its operations.
- Contracts and Agreement Details: Documentation of the terms of our financial arrangements with you.
- Legal Claims or Proceedings: Information related to any legal actions involving you that might affect our relationship.
- Compliance Documentation: Data necessary for anti-money laundering (AML) checks, know your customer (KYC) processes, and other regulatory requirements.
- Credit Scores and History: Obtained from credit reference agencies to assess your creditworthiness.
- Account Transactions: Detailed records of transactions including dates, amounts, and descriptions.
- Invoices and Statements: Copies of billing documents sent to or received from you.
- Correspondence: Copies of communications between you and us, including emails, letters, and notes from phone calls.
- Customer Service Records: Details of interactions with our customer service teams, including inquiries, complaints, and feedback.
- All other personal data: provided to us during communication.
We only process your personal data when we have a lawful basis and a legitimate purpose for doing so. We may process your personal data for the following purposes and under the following legal bases:
| Purpose | Legal basis |
|---|---|
| Process requests from interested parties | Legitimate interests – Art. 6 (1) (f) GDPR Performance of contract – Art. 6 (1) (b) GDPR |
| Prepare and carry out pre-contractual measures – incl. e.g. preparing and sending offers, agreements or contractual conditions aiming to conclude the contract | Performance of contract – Art. 6 (1) (b) GDPR |
| Establishment, execution and termination of the contractual relationship | Performance of contract – Art. 6 (1) (b) GDPR |
| Invoicing and B2B financial accounting, i.e. all activities related to recording, summarising and reporting various B2B transactions resulting from business operations | Performance of contract – Art. 6 (1) (b) GDPR Compliance with legal obligations – Article 6(1)(c) GDPR |
| Include contact details in our customer relationship management system | Legitimate interests – Art. 6 (1) (f) GDPR |
| Customer management and service – e.g. customer inquiries and communication via email or phone | Legitimate interests – Art. 6 (1) (f) GDPR Performance of contract – Art. 6 (1) (b) GDPR |
| Carry out marketing initiatives like newsletters, whitepaper downloads or invitations to events or webinars | Legitimate interests – Art. 6 (1) (f) GDPR Consent – Art. 6 (1) (a) GDPR, Art 9(2)(a) GDPR |
| Inform about our products and services. Incl. sending (direct) advertising by email or telephone | Legitimate interests – Art. 6 (1) (f) GDPR |
| Assigning receivables | Performance of contract – Art. 6 (1) (b) GDPR |
| Securing debts via guarantees | Performance of contract – Art. 6 (1) (b) GDPR |
| Implementing and managing the debt assignment process | Legitimate interests – Art. 6 (1) (f) GDPR Compliance with legal obligations – Article 6(1)(c) GDPR, where necessary to comply with legal and regulatory obligations |
| Consultation and data exchange with credit agencies to determine credit and default risks | Legitimate interests – Art. 6 (1) (f) GDPR |
| Detecting and preventing fraud | Legitimate interests – Art. 6 (1) (f) GDPR |
| Comply with legal and regulatory obligations. Incl. the transmission of personal data to tax consultant office | Compliance with legal obligations – Article 6(1)(c) GDPR |
| Fulfil post-contractual measures | Performance of contract – Art. 6 (1) (b) GDPR |
| Assert, exercise or defend legal claims | Legitimate interests – Art. 6 (1) (f) GDPR |
Most of the personal data that we process is sourced directly from our clients or interested parties in the course of communication and contractual relationships.
We collect data from clients or interested parties in the following manners:
- Requests and data sent via the contact form on our website
- Requests and data sent via messages to our employees, e.g. via email, LinkedIn messages and other communication channels
- Requests at trade fairs or other events where data is passed on to our employees with the aim of establishing contact
- Individual registration for events on our website
- Individual research about potential interested parties in business directories, contact information on websites, and professional networks
- Querying of the personal data after concluding a contract with us from the persons themselves, or receipt of personal data via an employee of the client company. This could also concern employees of service providers used by a client’s company.
- Entry of employees’ personal data by an administrative assistant of the client in project management, collaboration and communication platforms.
In addition, in some circumstances we will collect personal data from third-party agencies or publicly available sources like business directories or websites to fulfil the purposes for processing your personal data outlined in this Chapter of this Privacy Notice.
We only transfer your personal data to external recipients if you have consented or if this is permitted by law.
Service providers
As with most organisations, we use service providers which help us to manage our relationship with you and provide value to you in our projects. When we use these service providers, it is necessary for us to share your personal data with them. If we use a service provider for data processing, we remain responsible for the protection of your data. We have concluded agreements with all our service providers to whom we make your data available, obliging them to treat your data confidentially and to process it only in the context of providing the service.
External recipients of your personal data may be in particular:
- Freelancers
- Data processors
- Data destruction providers
- Potential business partners in the context of a (future) due diligence review
- Regulatory Authorities e.g. courts, trade supervisory office, Data protection supervisory authority, BAFA (Federal Office of Economics and Export Control) and law enforcement
- Settlement partners
- Banks, payment providers and other financial or credit institutions
- Credit reference agencies
- Debt Collection agencies
- Legal, professional and tax consultants
- Accounting Offices
- Insolvency practitioners
- Parcel and postal service providers
- Logistics and warehouse providers
- Auditors
- Other creditors
Additionally, we use the following service providers:
| Service | Provider | Reason why your data is shared | Location of data processing |
|---|---|---|---|
| Adobe Photoshop, Premiere, Illustrator and Creative Cloud File Storage | Adobe Systems Software Ireland Limited, 4–6 Riverwalk, City West Business Campus, Dublin 24, Ireland Adobe Inc., 345 Park Avenue, San Jose, CA 95110 | We use Adobe apps and cloud services for image and video processing. Depending on the contract and project, personal image data could be shared with Adobe. Also giving you access to such assets, personal data might be shared with Adobe. | Ireland, USA Third-country transfer under EU-U.S. DPF, EU SCCS |
| Docusign Electronic Signature Platform | Docusign International (EMEA) Limited, 5 Hanover Quay Ground Floor Dublin 2 Ireland Docusign Inc., 221 Main Street, Suite 800, San Francisco, CA 94105 Docusign Germany GmbH, | We use Docusign services to manage contractual documents and qualified electronic signatures. Personal data, required to sign a contract, is shared with DocuSign. | Ireland, USA, Germany Third-country transfer under EU SCCs |
| Figma, collaborative UI design platform Privacy Policy | Figma, Inc. 760 Market St FL 10 San Francisco, CA 94102 | We use Figma to collaboratively develop UI/UX designs, concepts and prototypes. Giving you access to such artifacts on Figma.com, personal data might be shared with Figma. | USA, Third-country transfer under EU-U.S. DPF, EU SCCs |
| LinkedIn Professional Network | LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland | We use LinkedIn to present our company, post content and give you the opportunity get in contact with us or to download whitepapers. | Ireland, USA Third country transfer under EU-U.S. DPF, |
| Project Management Software ClickUp Privacy Policy | Mango Technologies, Inc. dba ClickUp, 350 Tenth Ave Suite 500, San Diego, CA 92101 | Project Management and all project related processes | USA, Third country transfer under EU SCCs |
| Microsoft Teams, Microsoft 365 Privacy Statement | Microsoft Ireland Operations, Ltd. One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. | We use Microsoft Teams and other Microsoft 365 services and applications for email communication, online meetings, cloud storage and other business processes | Ireland, USA, Germany Third country transfer under EU-U.S. DPF, EU SCCs |
| Miro Collaboration Board Privacy Policy | RealtimeBoard, Inc. dba Miro 201 Spear Street Suite 1100 San Francisco, CA 94105 | We use Miro boards to work collaboratively on projects, concepts and sharing ideas in online meetings. | USA, The Netherlands, Third country transfer under EU-U.S. DPF, EU SCCs |
| Zoho CRM | Zoho Corporation BV, Beneluxlaan 4B, 3527 HT Utrecht, The Netherlands | We use Zoho CRM to manage our clients’ contact data and relationship information. | The Netherlands Third country transfer under EU SCCs |
We would like to point out that we have no influence on the data collection and its further use by the providers of the professional and social networks. Further information on objection and removal options towards the providers of social networks can be obtained directly from these providers.
Affiliated Group Entities
In addition to service providers, we may share your personal data with affiliated entities within our corporate group for internal administrative purposes, including for centralised IT, HR management, accounting and business operations.
For organizational purposes we may share data with our subsidiaries:
Virtual Identity GmbH
Schönbrunner Straße 213-215
A-1120 Wien
Virtual Identity Sociedade Unipessoal Lda
Rua do Pinheiro Manso 34
4100-304 Porto
International Data Transfers
If your data is transferred to recipients outside the EU, we ensure that this is done in the most data protection-friendly way possible. We make sure your data is given the same level of protection, either because that country has a comparable data protection standard (Adequacy), or by using appropriate safeguards like EU Standard Contractual Clauses (EU SCCs) in accordance with Art. 46 (2) (c) GDPR.
We do not store your personal data longer than it is necessary for the purpose for which it was collected. We will delete your personal data as soon as the purposes for storing no longer apply, you object to the use of your personal data, or you revoke your previously given consent. However, your personal data may also be stored beyond this, in the following cases:
- If there are outstanding obligations from the contractual relationship
- If a deletion conflicts with contractual, legal or statutory retention periods
- For the assertion, exercise or defence of legal claims
- If this is required for the fulfilment of a legal obligation to which we are subject.
For a (planned) conclusion as well as the execution of the contract with you, you must provide those personal data which are necessary for the establishment and execution of the contractual relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. This obligation also arises from the law, e.g. § 14 UstG or other regulatory and legal obligations. Without this data, we will generally not be able to conclude and execute the contract with you.
For Event participants
This Privacy Notice sets out how we use personal data for the following individuals:
- All individuals who register for and/or attend in-person events
- All individuals who register for and/or attend online events and webinars
When we process your personal data for purposes related to our events, we are the controller of any personal data that you give to us. This means that we are responsible for deciding how we collect, use and store information about you.
If you sign up to participate in an event or webinar organised by us, we ask you to provide certain information so that we can process your interest in the event, provide you with relevant updates, and facilitate and confirm your attendance.
Specifically, we may collect the following information:
- Personal Identification Information: First name, last name, title
- Contact information: Email address, phone number, postal address
- Professional Information: Job title, affiliated organisation, industry
- Accessibility requirements: Information on disabilities or any special assistance needed
- Interest in our products and services: Information regarding your interests in relation to the products, services, or topics related to the event.
During events and webinars, we may collect the following information:
- Photographs and recordings: Photos, video, screenshots or livestream recordings captured during the event
Following events and webinars, we offer the opportunity to provide feedback:
- Opinions and feedback: Responses to post-event surveys or feedback forms, including satisfaction ratings, suggestions for improvement, and descriptions of personal experiences.
- Interest in related products and services: A record of whether you would like to receive communications regarding future events and products or services related to the event topic.
We only process your personal data when we have a lawful basis and a legitimate purpose for doing so. In particular, we process your personal data for the following purposes and under the following legal bases:
| Purpose | Categories of data | Legal basis |
|---|---|---|
| Registering your interest and facilitating your participation in our events |
| Legitimate interests – Art. 6 (1) (f) GDPR |
| Consent – Art. 6 (1) (a) GDPR, Art 9(2)(a) GDPR | |
| Marketing our related products and services to you |
| Consent – Art. 6 (1) (a) GDPR, Art 9(2)(a) GDPR |
| Sharing event content on password-protected websites with all registered participants of the event and/or posting on online channels for marketing purposes |
| Legitimate interests – Art. 6 (1) (f) GDPR Consent – Art. 6 (1) (a) GDPR, Art 9(2)(a) GDPR |
| Collecting feedback to enhance the quality of future events |
| Legitimate interests – Art. 6 (1) (f) GDPR |
| Sharing your information with partners providing services required to organize and hold the event. |
| Legitimate interests – Art. 6 (1) (f) GDPR |
We only transfer your personal data to external parties if you have consented or if this is permitted by law.
Service providers
As with most organisations, we use service providers to support the delivery of our events. When we use these service providers, it is necessary for us to share your personal data with them. If we use a service provider for data processing, we remain responsible for the protection of your data. We have concluded agreements with all our service providers to whom we make your data available, obliging them to treat your data confidentially and to process it only in the context of providing the service.
We use the following service providers:
| Service | Provider | Reason why your data is shared | Location of data processing |
|---|---|---|---|
| Amazon Web Services | Amazon Web Services EMEA SARL 38 avenue John F. Kennedy, L-1855, Luxemburg | We use Amazon Web Services to host our website which is based on WordPress. All data submitted in the event registration process will be processed by servers and cloud services hosted via AWS. | Ireland, USA, Third country transfer under EU-U.S. DPF, |
| Instagram Social Network | Meta Platforms Ireland Limited ATTN: Privacy Operations Merrion Road Dublin 4 D04 X2K5, Ireland | We use Instagram to present our company and give you the opportunity get in contact with us. For marketing purposes, we may post event content like photographs, audio and video recordings on professional and social networks – if you gave us your consent | Ireland, USA, Third country transfer under EU-U.S. DPF, |
| LinkedIn Professional Network | LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland | We use LinkedIn to present our company and give you the opportunity get in contact with us or to download whitepapers. For marketing purposes, we may post event content like photographs, audio and video recordings on professional and social networks – if you gave us your consent | Ireland, USA Third country transfer under EU-U.S. DPF, |
| Microsoft Teams, Microsoft 365 | Microsoft Ireland Operations, Ltd. One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland | We use Microsoft Teams and related Microsoft 365 services to host our online events. | Ireland, USA, Germany Third country transfer under EU-U.S. DPF, EU SCCs |
| QFlow for events, check-in Privacy Policy | Wiretouch Ltd. 71a Church Road Hove, East Sussex BN3 2BB, England | We use Qflow from Wiretouch Ltd. for event check-in | United Kingdom, Third country transfer under EU SCCs |
| Zoho CRM | Zoho Corporation GmbH Trinkausstr. 7 40213 Düsseldorf, Germany Zoho Corporation B. V. Beneluxlaan 4B, 3527 HT Utrecht, The Netherlands | We use Zoho CRM to manage our clients’ contact data and relationship information. This applies to clients and interested parties only. | The Netherlands Third country transfer under EU SCCs |
| Xing Professional Network | New Work SE Am Strandkai 1 20457 Hamburg | We use Xing to present our company and give you the opportunity get in contact with us. For marketing purposes, we may post event content like photographs, audio and video recordings on professional and social networks – if you gave us your consent | Germany |
We would like to point out that we have no influence on the data collection and its further use by the providers of the professional and social networks. Further information on objection and removal options towards the providers of social networks can be obtained directly from these providers.
We also may share event content like photographs, audio and video recordings on a password-protected website with all registered participants of the particular event.
Affiliated Group entities
In addition to service providers, we may share your personal data with affiliated entities within our corporate group for internal administrative purposes, including for centralised IT, HR management, accounting and business operations.
For organizational purposes we may share data with our subsidiaries:
Virtual Identity GmbH
Schönbrunner Straße 213-215
A-1120 Wien
Virtual Identity Sociedade Unipessoal Lda
Rua do Pinheiro Manso 34
4100-304 Porto
International Data Transfers
If your data is transferred to recipients outside the EU, we ensure that this is done in the most data protection-friendly way possible. We make sure your data is given the same level of protection, either because that country has a comparable data protection standard (Adequacy), or by using appropriate safeguards like EU Standard Contractual Clauses (EU SCCs) in accordance with Art. 46 (2) (c) GDPR.
We do not store your personal data longer than it is necessary for the purpose for which it was collected. We will delete your personal data as soon as the purposes for storing no longer apply, you object to the use of your personal data, or you revoke your previously given consent. However, your personal data may also be stored beyond this, in the following cases:
- if there are outstanding obligations from the contractual relationship
- if a deletion conflicts with contractual, legal or statutory retention periods.
- for the assertion, exercise or defence of legal claims
- if this is required under European or national law for the fulfilment of a legal obligation to which we are subject.
For Service Providers and Suppliers
This Privacy Notice sets out how we use personal data for the following individuals:
- Our suppliers, vendors and service providers who are individuals
- Representatives or contact persons of our suppliers, vendors and service providers who are legal entities
For ease of reference, all the above categories of individuals are collectively referred to as ‘suppliers’ throughout this Chapter of this Privacy Notice.
Where we choose, or assess whether to choose, to enter a business relationship with a supplier, we are the controller of any personal data that you give to us for the purpose of enabling that business relationship. This means that we are responsible for deciding how we collect, use and store information about you regarding our relationship.
We process personal data from suppliers and service providers. This is necessary for business operations. The following data is processed in this context:
- Personal Identification Information: First name, last name, title
- Contact Information: Email address (business), telephone number (business), Company postal address (business)
- Professional Information: Company name, department, industry, job title
- Photo and Video: portrait photo (optionally, if you provide it yourself), video recordings of online meetings, photos and video recordings of meetings or workshops.
- Payment Information: Bank account number and/or Credit/debit card details, billing address, tax identification numbers and other business registration details, purpose and other information relating to financial transactions, maturity of receivables, amount of receivables
- Service Delivery Information: Service descriptions, contractual agreements, delivery schedules, service preferences
- Quality Assurance and Feedback: Opinions, feedback on services provided, complaints, suggestions for improvement
- Compliance and Due Diligence Information: Information related to compliance with laws and regulations
- All other personal data: provided to us during communication
We only process your personal data when we have a lawful basis and a legitimate purpose for doing so. We may process your personal data for the following purposes and under the following legal bases:
| Purpose | Legal basis |
|---|---|
| Due diligence & supplier selection | Legitimate interests – Art. 6 (1) (f) GDPR |
| Establishment, execution and termination of a contractual relationship | Performance of contract – Art. 6 (1) (b) GDPR |
| Supplier onboarding | Performance of contract – Art. 6 (1) (b) GDPR/td> |
| Performance of orders | Performance of contract – Art. 6 (1) (b) GDPR |
| Effecting and managing payments | Performance of contract – Art. 6 (1) (b) GDPR |
| Evaluating supplier performance | Legitimate interests – Art. 6 (1) (f) GDPR |
| Audits & Record-keeping | Legitimate interests – Art. 6 (1) (f) GDPR Compliance with legal obligations – Article 6(1)(c) GDPR, where necessary to comply with legal and regulatory obligations |
| Consultation and data exchange with credit agencies to determine credit and default risks | Legitimate interests – Art. 6 (1) (f) GDPR |
| Market and opinion research, provided that you have not objected to the use of data for this purpose | Legitimate interests – Art. 6 (1) (f) GDPR Consent – Art. 6 (1) (a) GDPR, Art 9(2)(a) GDPR |
| Comply with legal and regulatory obligations. Incl. the transmission of personal data to tax consultant office | Compliance with legal obligations – Article 6(1)(c) GDPR |
| Claim and manage post-contractual measures | Performance of contract – Art. 6 (1) (b) GDPR |
| Assert, exercise or defend legal claims | Legitimate interests – Art. 6 (1) (f) GDPR |
Most of the supplier personal data that we process is sourced directly from our suppliers.
We collect data from suppliers or service providers in the following manners:
- Receipt of personal data directly from the data subject via establishment of contact by suppliers or service provider
- Receipt of personal data directly from the data subject via establishment of contact by Virtual Identity
In addition, in some circumstances we will collect supplier personal data from third-party agencies or publicly available sources like business directories or websites for the purpose of supplier due diligence and evaluation.
We only transfer your personal data to external recipients if you have consented or if this is permitted by law.
Service providers
As with most organisations, we use service providers which help us to manage our relationship with you and provide value to you in our projects. When we use these service providers, it is necessary for us to share your personal data with them. If we use a service provider for data processing, we remain responsible for the protection of your data. We have concluded agreements with all our service providers to whom we make your data available, obliging them to treat your data confidentially and to process it only in the context of providing the service.
External recipients of your personal data may be in particular:
- Freelancers
- Data processors
- Data destruction providers
- Potential business partners in the context of a (future) due diligence review
- Regulatory Authorities e.g. courts, trade supervisory office, Data protection supervisory authority, BAFA (Federal Office of Economics and Export Control) and law enforcement
- Settlement partners
- Banks, payment providers and other financial or credit institutions
- Credit reference agencies
- Debt Collection agencies
- Legal, professional and tax consultants
- Accounting Offices
- Insolvency practitioners
- Parcel and postal service providers
- Logistics and warehouse providers
- Auditors
- Other creditors
Additionally, we use the following service providers:
| Service | Provider | Reason why your data is shared | Location of data processing |
|---|---|---|---|
| Adobe Photoshop, Premiere, Illustrator and Creative Cloud File Storage | Adobe Systems Software Ireland Limited, 4–6 Riverwalk, City West Business Campus, Dublin 24, Ireland Adobe Inc., 345 Park Avenue, San Jose, CA 95110 | We use Adobe apps and cloud services for image and video processing. Depending on the contract and project, personal image data could be shared with Adobe. Also giving you access to such assets, personal data might be shared with Adobe. | Ireland, USA Third-country transfer under EU-U.S. DPF, EU SCCS | Docusign Electronic Signature Platform | Docusign International (EMEA) Limited, 5 Hanover Quay Ground Floor Dublin 2 Ireland Docusign Inc., 221 Main Street, Suite 800, San Francisco, CA 94105 Docusign Germany GmbH, | We use Docusign services to manage contractual documents and qualified electronic signatures. Personal data, required to sign a contract, is shared with DocuSign. | Ireland, USA, Germany Third-country transfer under EU SCCs |
| Figma, collaborative UI design platform Privacy Policy | Figma, Inc. 760 Market St FL 10 San Francisco, CA 94102 | We use Figma to collaboratively develop UI/UX designs, concepts and prototypes. Giving you access to such artifacts on Figma.com, personal data might be shared with Figma. | USA, Third-country transfer under EU-U.S. DPF, EU SCCs |
| Project Management Software ClickUp Privacy Policy | Mango Technologies, Inc. dba ClickUp, 350 Tenth Ave Suite 500, San Diego, CA 92101 | Project Management and all project related processes | USA, Third country transfer under EU SCCs |
| Microsoft Teams, Microsoft 365 Privacy Statement | Microsoft Ireland Operations, Ltd. One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. | We use Microsoft Teams and other Microsoft 365 services and applications for email communication, online meetings, cloud storage and other business processes | Ireland, USA, Germany Third country transfer under EU-U.S. DPF, EU SCCs |
| Miro Collaboration Board Privacy Policy | RealtimeBoard, Inc. dba Miro 201 Spear Street Suite 1100 San Francisco, CA 94105 | We use Miro boards to work collaboratively on projects, concepts and sharing ideas in online meetings. | USA, The Netherlands, Third country transfer under EU-U.S. DPF, EU SCCs |
Affiliated Group Entities
In addition to service providers, we may share your personal data with affiliated entities within our corporate group for internal administrative purposes, including for centralised IT, HR management, accounting and business operations.
For organizational purposes we may share data with our subsidiaries:
Virtual Identity GmbH
Schönbrunner Straße 213-215
A-1120 Wien
Virtual Identity Sociedade Unipessoal Lda
Rua do Pinheiro Manso 34
4100-304 Porto
International Data Transfers
If your data is transferred to recipients outside the EU, we ensure that this is done in the most data protection-friendly way possible. We make sure your data is given the same level of protection, either because that country has a comparable data protection standard (Adequacy), or by using appropriate safeguards like EU Standard Contractual Clauses (EU SCCs) in accordance with Art. 46 (2) (c) GDPR.
We do not store your personal data longer than it is necessary for the purpose for which it was collected. We will delete your personal data as soon as the purposes for storing no longer apply, you object to the use of your personal data, or you revoke your previously given consent. However, your personal data may also be stored beyond this, in the following cases:
- If there are outstanding obligations from the contractual relationship
- If a deletion conflicts with contractual, legal or statutory retention periods
- For the assertion, exercise or defence of legal claims
- If this is required for the fulfilment of a legal obligation to which we are subject.
For a (planned) conclusion as well as the execution of the contract with you, you must provide those personal data which are necessary for the establishment and execution of the contractual relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. This obligation also arises from the law, e.g. § 14 UstG or other regulatory and legal obligations. Without this data, we will generally not be able to conclude and execute the contract with you.
This notice was created with the support of DataGuard.